﻿using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class admin_Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
	if(!IsPostBack)
	{
        if (Session["VNum"] == null && Session["first"]==null)
        {
            Session["first"] = "1";
            Response.Redirect("login.aspx");
        }
		}
		
    }   
    protected void ImageButton1_Click1(object sender, ImageClickEventArgs e)
    {
        string User=CommonFunction.SafeRequest("User","form",false,false);
        string Pwd = CommonFunction.SafeRequest("Pwd", "form", false, false);
        string Ccode = CommonFunction.SafeRequest("Code", "form", false, false);
		Ccode=Ccode.ToUpper();
		
		
		
        if (string.IsNullOrEmpty(User))
        {
            CommonFunction.ShowMessage("请输入用户名！","login.aspx");
            return;
        }
        if (string.IsNullOrEmpty(Pwd))
        {
            CommonFunction.ShowMessage("请输入密码！","login.aspx");
            return;
        }
        if (string.IsNullOrEmpty(Ccode))
        {
            CommonFunction.ShowMessage("请输入验证码！");
            return;
        }
		  if (Session["VNum"] == null)
        {

					Response.Write("<script language=javascript>alert('验证码无效！');window.location.href='login.aspx');</script>");

			}
		else
        {
			  if (Ccode != Session["VNum"].ToString())
			  {
					CommonFunction.ShowMessage("验证码错误！","login.aspx");
					return; 
			  }
			}
		
        DataSet ds = null;
        try
        {
           ds = Socut.Data.ExecuteDataSet("select * from web_admin where LoginName='"+User+"' order by  id");
        }
        catch(Exception Err)
        {
            //Socut.Data.ExecuteNonQuery("insert into Msn35_LoginInfo (Msn35_AdminUser,Msn35_Pwd,Msn35_LoginSuccess,Msn35_LoginIP,Msn35_Error) values('"+User+"','"+Pwd+"','0','"+Request.UserHostAddress+"','查询用户时出错')");
            CommonFunction.ShowMessage("未知错误！", "login.aspx");
        }
		
		
		
        if (ds.Tables[0].Rows.Count > 0)
        {
            if (FormsAuthentication.HashPasswordForStoringInConfigFile(Pwd, "MD5") == ds.Tables[0].Rows[0][2].ToString())
            {
                Session["User"] = User.ToString();
				Session["username"] = User.ToString();
                Session["UserID"] = ds.Tables[0].Rows[0][0].ToString();
				Session["isadmin"] = ds.Tables[0].Rows[0][3].ToString();
				Session["limitcheck"] = ds.Tables[0].Rows[0][5].ToString();
				
                Session.Timeout = 60000;
				
                Session["first"] = null;
				
                //Socut.Data.ExecuteNonQuery("insert into Msn35_LoginInfo (Msn35_AdminUser,Msn35_Pwd,Msn35_LoginSuccess,Msn35_LoginIP,Msn35_Error) values('" + User + "','" + Pwd + "','1','" + Request.UserHostAddress + "','成功登陆！')");                
                Response.Redirect("adminmain.aspx");
				//Response.Write(User+""+Ccode);
//				Response.End();
            }
            else
            {
                //Socut.Data.ExecuteNonQuery("insert into Msn35_LoginInfo (Msn35_AdminUser,Msn35_Pwd,Msn35_LoginSuccess,Msn35_LoginIP,Msn35_Error) values('" + User + "','" + Pwd + "','0','" + Request.UserHostAddress + "','密码错误')");
                CommonFunction.ShowMessage("用户名不存在或密码错误！", "login.aspx");
            }
        }
        else
        {
           // Socut.Data.ExecuteNonQuery("insert into Msn35_LoginInfo (Msn35_AdminUser,Msn35_Pwd,Msn35_LoginSuccess,Msn35_LoginIP,Msn35_Error) values('" + User + "','" + Pwd + "','0','" + Request.UserHostAddress + "','用户不存在')");
            CommonFunction.ShowMessage("用户名不存在或密码错误！", "login.aspx");
        }
    }
   
}
